[pkix] RFC 5280 - Clarification on the Location where CRL URL should be Obtained

Dhaura Pathirana <dhaurapathirana@gmail.com> Wed, 28 February 2024 06:17 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/pkix/iTk-vYSlPUx98KEIt53H6WXRkZY>
List-Id: PKIX Working Group <pkix.ietf.org>

Hi all,

Kindly requesting assistance in clarifying the location where CRL URL
should be obtained in order to do CRL validation on an X509 certificate
since it was not specifically clear in the specification [1].

   1. Should we extract the CRL URL from the certificate itself or from the
   issuer certificate associated with the validating certificate?
   2. Furthermore, if the default behavior is to obtain the CRL URL from
   the certificate itself and if the CRL URL is unavailable in the certificate
   itself, is it customary to obtain it from the issuer certificate?

Any assistance on these two questions would be greatly appreciated.

[1] - https://datatracker.ietf.org/doc/html/rfc5280

Thank you.
Kind regards,
Dhaura.